Unix is a multiuser operating system. It was designed for multiple users to be logged in at once, each running their own programs without getting in the way of the others.
Every program that runs on a Unix machine runs as a specific user account. This includes the web server itself, any command line shell you are running, and whatever software you use to access the server's file system and admin interfaces (e.g. FTP software, the cPanel interface, etc.). When you log in with a username and password through an FTP client or a control panel, you are operating on the server using that user account.
Note: this doesn't include any Drupal user accounts you have set up. They only exist in your Drupal database, not as any operating system user accounts.
All files on a Unix server have an owner and a group assigned to them. Whenever a file is created on the server, it is automatically owned by the user account running the program that created it. Each user account also has a primary group associated with it, and this group is assigned as the file's group.
Each file and directory also has a set of permission 'bits' assigned to it. These permission bits determine what access various users get to a file. The owner of a file is allowed to change these permissions, but no other user can change them (with the exception of the root user).
The file permission bits are arranged into three sets: 'user owner', 'group owner', and 'other'. These three sets can also be referred to as 'user', 'group' and 'world' respectively. 'world' or 'other' refers to the permissions that apply to any user that isn't the owner and isn't in the file's group. Each of these sets can have its own combination of three basic permissions.
The three basic permissions are 'read', 'write', and 'execute', abbreviated as 'rwx'. A dash in place of a letter means that the permission is absent, e.g. 'r--' means that only read access is present.
When all three sets of permission bits are combined you get a setting like 'rwxr-xr-x' which represents 'rwx' for the owner, 'r-x' for the group, and 'r-x' for everyone else.
You will also see permissions represented as a numerical shorthand, e.g. 755 or 644. In this case the value of 'r' = 4, 'w' = 2, and 'x' = 1, and each digit is determined by adding up these numbers for one set.
- 755 is shorthand for 'rwxr-xr-x'. Translation: full access for the owner, everyone else has read and execute access.
- 664 is shorthand for 'rw-rw-r--'. Translation: the owner and the group get read and write access, all other users get read access.
For files these permission settings are quite straightforward. 'read' allows accessing the contents of a file, 'write' allows the file to be changed or deleted, and 'execute' allows the file to be run as a program from the command line shell. Note that the execute bit isn't really required for PHP files as they don't generally get run from the shell.
Permissions on directories are a little different from those on files. 'read' allows the contents of a directory to be listed, 'write' means that you can add or delete files in the directory, and 'execute' allows direct access to files in the directory (if you already know their names). On most directories the read and execute bits tend to go together, i.e. typically a directory will either have both bits set or neither set.
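The following is an added example, not part of the original handbook page. It converts between the numeric and 'rwx' forms using the r=4, w=2, x=1 values above, then audits a directory tree for entries that grant write access to 'other'. The function names and the sample tree (`index.php`, `settings.php`, `files`) are constructed for illustration.

```python
import os
import stat
import tempfile

BITS = (("r", 4), ("w", 2), ("x", 1))  # values as given in the text above

def to_symbolic(octal):
    """'755' -> 'rwxr-xr-x' (one digit each for user, group, other)."""
    return "".join(
        letter if int(digit) & value else "-"
        for digit in octal
        for letter, value in BITS
    )

def to_octal(symbolic):
    """'rw-rw-r--' -> '664' by adding up r=4, w=2, x=1 for each set."""
    sets = [symbolic[i:i + 3] for i in range(0, 9, 3)]
    return "".join(
        str(sum(v for (_, v), ch in zip(BITS, s) if ch != "-")) for s in sets
    )

def world_writable(root):
    """Return (relative path, 'rwx' string) for every file or directory
    under root whose 'other' set includes write. Symlinks are skipped."""
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            mode = os.lstat(full).st_mode
            if not stat.S_ISLNK(mode) and mode & stat.S_IWOTH:
                perms = to_symbolic(f"{mode & 0o777:03o}")
                found.append((os.path.relpath(full, root), perms))
    return sorted(found)

def demo():
    """Build a constructed sample tree in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        layout = {"index.php": 0o644, "settings.php": 0o666, "files": 0o777}
        for name, mode in layout.items():
            path = os.path.join(root, name)
            if name == "files":
                os.mkdir(path)
            else:
                open(path, "w").close()
            os.chmod(path, mode)  # set explicitly so the umask does not apply
        return world_writable(root)

if __name__ == "__main__":
    for path, perms in demo():
        print(perms, path)
```

To audit a real site, call `world_writable()` with the path to its document root.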
There is a friendly tutorial here if you need more information: http://www.perlfect.com/articles/chmod.shtml
If you didn't see the link above about command line shell, here it is again.
See also permissions: http://drupal.org/node/34025 in this handbook.